In the way it was presented, the recent revelation from Marriott International that user data was compromised by an unknown threat appears no different to all the other disturbingly ordinary breaches that have occurred over the past few years. In most cases, the headlines will toss out a dramatic number of affected individuals and amounts of stolen information, described by sweepingly generic impressions of the data lost. This is all capped off with assurances that the affected organization is working with law enforcement, promises of cybersecurity improvements, and offers of free identity theft monitoring in an attempt to regain public trust.

At this point of breach news saturation, most people confuse all the breaches, the data lost, and the sources for those breaches. Honestly, it has gotten exhausting: every single week there is a significant breach, and frankly, it's the tip of the iceberg. Many more breaches go completely unnoticed until fraud begins. This brings us to an important question: what happens if the data lost is not used for fraud?

First, let's understand how criminals use stolen information for money. Normal criminal activity is centered around money, pure and simple. Any data that can facilitate the extraction of money or increase the yield of a fraud scheme is sought by criminals. Typically, this Personal Data (PD) is used to verify the identity of a person, sometimes even through telephonic confirmation, the highest threshold beyond showing up in person. The simplest form of this is knowing the credit card number and CVV, and the next escalation is a mailing address. More advanced fraud, such as assuming a person's identity, starts with name and address, then expands from there. This type of fraud is referred to as a form of synthetic fraud: it's the creation of accounts using the person's PD, sprinkling in false information to fill in the gaps and facilitate fraud. Most online-related fraud, on the other hand, is account take-over style: the criminal steals legitimate account information
and uses it as if they were the victim, which is much quicker, but the yield is much lower. Having said that, it is also more plentiful and easily monetized.

However, fraud is not the only motivation for a security breach. Another very important data breach motive is industrial espionage. This is usually not related to PD, so the breaches often go unreported. Instead, industrial espionage involves the theft of intellectual property and business communications, either by government organizations or hacking teams used by questionable businesses. While this type of breach generally has no direct impact on the consumer, the long-term consequences almost always trickle down to the user in the form of loss of services or increased costs.

This brings us to the other use of stolen information: governmental espionage. This is not the fun money-and-trade-secrets-stealing type; instead, it's the things we typically only get to see in movies. The Office of Professional Management (OPM) breach, for example, was solely conducted for government intelligence purposes. This breach included the crippling loss of all the personal information for everyone who had submitted for a U.S. Military Top Secret security clearance. The value of this information to an adversarial intelligence organization is absolutely staggering. From this, an adversary could gain insights into a large portion of the U.S. intelligence organizations' structure, both identifying U.S. intelligence agents and their support elements. Moreover, the breached data can also be used to identify and assess individuals for espionage recruitment (i.e., identifying personal and financial vulnerabilities used in blackmail) throughout every organization in the U.S. Department of Defense.

This leads us back to the Marriott breach. Lost in the splash of big numbers associated with the Marriott breach is the real value of the data: not for fraud, but for pure counterintelligence use. I predict that this breach won't have an impact on the end consumer, but is likely to already have
had a significant and lasting impact on national security efforts (i.e., technical research, economic strategies, espionage operations, and counterintelligence activities).

The framework of the Marriott breach looks like this: someone gained access to the internal databases and executed a full and complete extraction of user data. This took place over years; it was not a single occurrence, which is a slight deviation from normal breaches. As the investigation progressed, more information came out: the technical techniques and methodologies used matched a known problem group that has plagued many companies throughout the world, Chinese intelligence. A similarly foolish breach just under 10 years ago led to the large-scale enumeration of the CIA's source operations, resulting in the tragic loss (death) of all the CIA's Chinese sources.

It's not a coincidence that the OPM breach and the Marriott breach occurred during the same time frame. Coupled with the identification of potential U.S. intelligence agents, and monitored and correlated over time, the large hotel data set allows an adversary to establish travel patterns and predict their travel and operations to match, thus placing their missions and their lives in jeopardy. As an aside, the misuse of LinkedIn information recently by Chinese organizations can augment or further enumerate intelligence targets. This leaves intelligence organizations scrambling to verify the integrity of their source operations, not knowing who, if any, have been compromised and, if they are, sifting through data to determine what is misinformation and what is not.

On the offensive side, the Chinese intelligence organizations could use the OPM breach data to identify people who have exploitable vulnerabilities (not the cyber kind, but the personality type) and then couple that information with their travel information, allowing the adversary to hand-place agents and greatly improve the recruitment process.

With more than 4.3 million individuals holding a U.S. security
clearance, and the time (sometimes decades) required to develop and conduct intelligence operations, it is wildly unrealistic to simply change staff or operations. Thus, we are faced with the reality of extremely sensitive operations, plans, and research, as well as millions of people, their families, and associates, being analyzed by foreign intelligence adversaries. Not all breaches are the same; some cannot be washed away by a promise for more security and a full year's worth of credit monitoring.